You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Jörg Hoh (JIRA)" <ji...@apache.org> on 2015/05/26 15:09:18 UTC
[jira] [Commented] (SLING-4748) Request using "sling:bg=true"
causes StackOverflow when no read access to /var
[ https://issues.apache.org/jira/browse/SLING-4748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14559081#comment-14559081 ]
Jörg Hoh commented on SLING-4748:
---------------------------------
Looks better now, thanks! No StackOverflowException anymore. We probably need to handle a resulting "AccessDeniedException" better, but that's something for another ticket.
> Request using "sling:bg=true" causes StackOverflow when no read access to /var
> ------------------------------------------------------------------------------
>
> Key: SLING-4748
> URL: https://issues.apache.org/jira/browse/SLING-4748
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Background Servlet 1.0.0
> Reporter: Jörg Hoh
> Assignee: Bertrand Delacretaz
> Fix For: Background Servlet 1.0.0
>
>
> I have a system, where the anonymous user does not have read access to /var/bg. When I do a call to it (for example: http://localhost:4503/?sling:bg=true", it returns with a internal server error. The log shows a stackoverflow exception, caused by
> {code}
> ...
> at org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> at org.apache.sling.bgservlets.impl.DeepNodeCreator.deepCreateNode(DeepNodeCreator.java:54)
> ...
> {code}
> Looking at this line in the code I see a recursive call of deepCreateNode, which is executed, when the item itself does not exist. Which is true from the view of an anonymous session, which doesn't have read access to nodes beneath /var.
> The code should be improved, so it does either check with an admin session that the path exists, but is simply not readable, or preferably add some detection, that it has already reached "/" and that it doesn't make sense to continue then.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)